IGSS (Interactive Graphical SCADA System)

Act Now9.8SEVD-2022-039-01Feb 8, 2022

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Schneider Electric IGSS Data Server versions 15.0.0.22020 and earlier contain multiple vulnerabilities (CWE-190 integer overflow, CWE-22 path traversal, CWE-120/CWE-125 buffer overflows, CWE-665 improper initialization, CWE-862 missing authorization) in the TCP interface module used by other IGSS components to access SCADA system data. These vulnerabilities allow unauthenticated remote code execution, potentially leading to disclosure of industrial process data and loss of control of the SCADA system when running in production mode.

What this means

What could happen

An unauthenticated attacker could remotely execute arbitrary code on the IGSS Data Server, allowing them to read sensitive process data or take control of industrial monitoring and control operations.

Who's at risk

Organizations operating Schneider Electric IGSS as a SCADA system for industrial process monitoring and control, particularly in energy and manufacturing sectors. This affects the Data Server module that centralizes access to process data across the IGSS system.

How it could be exploited

An attacker on the network sends a specially crafted request to the IGSS Data Server TCP interface. The server fails to properly validate input (buffer overflow, path traversal, or integer overflow), allowing the attacker to execute code with the same privileges as the Data Server process.

Prerequisites

Network access to the IGSS Data Server TCP port (typically port 12401)
No authentication required

remotely exploitableno authentication requiredlow complexityhigh CVSS score (9.8)affects SCADA control systemsrisk of data disclosure and loss of operational control

Exploitability

Moderate exploit probability (EPSS 7.8%)

Affected products (1)

ProductAffected VersionsFix Status

IGSS Data Server (IGSSdataServer.exe) <=15.0.0.22020≤ V15.0.0.2202015.0.0.22021

Remediation & Mitigation

0/3

Do now

0/1

WORKAROUNDRestrict network access to the IGSS Data Server TCP port to only authorized engineering workstations and IGSS modules using firewall rules

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate IGSS Data Server to version 15.0.0.22021 or later

Long-term hardening

0/1

HARDENINGSegment the IGSS Data Server onto a dedicated industrial network isolated from untrusted networks

CVEs (8)

CVE-2022-24310 CVE-2022-24311 CVE-2022-24312 CVE-2022-24313 CVE-2022-24314 CVE-2022-24315 CVE-2022-24316 CVE-2022-24317

View full Schneider Electric advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/669ffd8e-dc37-4409-b8d5-969d126fb21b